Commit Graph

334 Commits

Author SHA1 Message Date
Norman Feske
2bbe840597 core: Handle disappearing managed dataspaces
This patch adds the consideration of suddenly disappearing managed
dataspaces in the 'Rm_session_component::reverse_lookup' function.
Previously, this case resulted in a seamingly valid translation.

Fixes #701
2013-03-27 19:27:24 +01:00
Norman Feske
26710729a3 Suppress warnings in release mode
Fixes #698
2013-03-22 17:28:07 +01:00
Sebastian Sumpf
a3afb3dae4 sd_card: Exynos5/MMC support
Added MMC specific parts to Sd-card implemntation. Read/Write takes advantage of
DMA. Currently we leave card in one bit mode.
2013-03-22 15:28:52 +01:00
Norman Feske
839c0263c9 Fix warning on 64bit
Because the template instantiation rules of C++ do not deal well with
null pointers specified as '0', the constructor of 'Local_addr' was
instantiated for [T = int], which does not make sense. To avoid the
warning "cast to pointer from integer of different size", we need to
explicitly state that '0' is a pointer. In C++11, there is the 'nullptr'
keyword, but until we switch to this version, we have to state (void *)0.
2013-03-22 12:41:21 +01:00
Norman Feske
e38983a8fa Simple thread-affinity test 2013-03-21 12:54:02 +01:00
Norman Feske
764a3656a1 cxx: Decouple C++ runtime from 'env()->heap()' 2013-03-21 11:04:56 +01:00
Christian Prochaska
570156b38c l4lx: allocate memory in chunks
When L4Linux tries to allocate a dataspace of the size of its physical
memory, this allocation can fail, because the 'l4re_ma_alloc()' function
in the 'l4lx' library always tries to allocate a contiguous dataspace of
the given size and there might be no contiguous free area left.

With this patch, memory gets allocated in chunks: if the size to be
allocated exceeds the configured chunk size, a managed dataspace gets
created and filled with multiple memory chunks of at most the chunk size.

The chunk size is 16M by default and can be configured in an l4linux
config node:

<config args="...">
	<ram chunk_size="16M"/>
</config>

Fixes #695.
2013-03-20 14:22:04 +01:00
Alexander Boettcher
0c8b996fa4 base: calculate initial junk based on 32/64 host
Issue #666
2013-03-18 13:07:22 +01:00
Stefan Kalkowski
ce58a63fb6 Remove 'epit' from generic i.MX platform spec
Remove the 'epit' variable from the generic imx31 and imx53 specification,
and only add it to base-hw specific i.MX specs. Thereby the EPIT timer
library gets build for base-hw only.
Moreover, fix some const-ness issues in the platform_timer implementation
for the EPIT timer.
Fixes #688.
2013-03-14 11:27:51 +01:00
Norman Feske
21de42c45d core: Introduce 'Address_space' interface
The new core-internal 'Address_space' interface enables cores RM service
to flush mappings of a PD in which a given 'Rm_client' thread resides.
Prior this patch, each platform invented their own way to flush mappings
in the respective 'rm_session_support.cc' implementation. However, those
implementations used to deal poorly with some corner cases. In
particular, if a PD session was destroyed prior a RM session, the RM
session would try to use no longer existing PD session. The new
'Address_space' uses the just added weak-pointer mechanism to deal with
this issue.

Furthermore, the generic 'Rm_session_component::detach' function has
been improved to avoid duplicated unmap operations for platforms that
implement the 'Address_space' interface. Therefore, it is related to
issue #595. Right now, this is OKL4 only, but other platforms will follow.
2013-03-12 21:53:08 +01:00
Norman Feske
352f58b94b core: New utilities for object lifetime management 2013-03-12 21:53:08 +01:00
Christian Prochaska
a99193ad90 Rework the internal lock interface
With this patch, the 'futex' syscall gets used for blocking and unblocking
of threads in the Linux-specific lock implementation.

The 'Native_thread_id' type, which was previously used in the
lock-internal 'Applicant' class to identify a thread to be woken up,
was not suitable anymore for implementing this change. With this patch,
the 'Thread_base*' type gets used instead, which also has the positive
effect of making the public 'cancelable_lock.h' header file
platform-independent.

Fixes #646.
2013-02-25 22:14:21 +01:00
Norman Feske
7fef0ba931 base: Increase stack size of signal thread
On foc_pbxa9, the stack size did not suffice within core.
2013-02-25 16:45:50 +01:00
Torsten Hilbrich
257cf4800d Fixed some unused parameters warnings
They cause problems when using -Werror in your compilation.
2013-02-25 16:45:49 +01:00
Martin Stein
0f8803245a base: make signal framework usable for base-hw
ref #641
2013-02-22 20:28:28 +01:00
Alexander Boettcher
c36f6a04a7 nova: extend pd_session by assign_pci function 2013-02-21 11:52:02 +01:00
Alexander Boettcher
c374f294c8 pci: add support to provide PCI ECMA config 2013-02-21 11:52:02 +01:00
Martin Stein
f6ede8cf0d arndale: base/mk platform spec
ref #601
2013-02-20 19:38:57 +01:00
Martin Stein
07b856bc8a cortex_a15: base/mk spec
ref #601
2013-02-20 19:38:42 +01:00
Martin Stein
86ddcffaf2 arndale: board driver base
ref #601
2013-02-20 19:38:32 +01:00
Martin Stein
638dcf3d40 arndale: UART driver base
ref #601
2013-02-20 19:37:58 +01:00
Christian Prochaska
519bed419d core: preserve more memory
core needs to preserve more memory when built with -O0 for the 64-bit
'linux_x86' platform

Fixes #653.
2013-02-20 14:53:42 +01:00
Norman Feske
ebc73f66df Remove base-mb platform
This base platform is no longer maintained.

For supporting the Microblaze CPU in the future, we might consider
integrating support for this architecture into base-hw. Currently
though, there does not seem to be any demand for it.
2013-02-20 13:17:39 +01:00
Norman Feske
fae63f4fa9 Merge base libraries into a single library
This patch simplifies the way of how Genode's base libraries are
organized. Originally, the base API was implemented in the form of many
small libraries such as 'thread', 'env', 'server', etc. Most of them
used to consist of only a small number of files. Because those libraries
are incorporated in any build, the checking of their inter-dependencies
made the build process more verbose than desired. Also, the number of
libraries and their roles (core only, non-core only, shared by both core
and non-core) were not easy to capture.

Hereby, the base libraries have been reduced to the following few
libraries:

- startup.mk contains the startup code for normal Genode processes.
  On some platform, core is able to use the library as well.
- base-common.mk contains the parts of the base library that are
  identical by core and non-core processes.
- base.mk contains the complete base API implementation for non-core
  processes

Consequently, the 'LIBS' declaration in 'target.mk' files becomes
simpler as well. In the most simple case, only the 'base' library must
be mentioned.

Fixes #18
2013-02-19 14:45:55 +01:00
Norman Feske
bcdc706f42 Unify 'ipc.h' and 'ipc_generic.h' across platforms
The distinction between 'ipc.h' and 'ipc_generic.h' is no more. The only
use case for platform-specific extensions of the IPC support was the
marshalling of capabilities. However, this case is accommodated by a
function interface ('_marshal_capability', '_unmarshal_capability'). By
moving the implementation of these functions from the headers into the
respective ipc libraries, we can abandon the platform-specific 'ipc.h'
headers.
2013-02-14 13:23:37 +01:00
Norman Feske
b1f63e3356 Turn 'platform_env.h' into a private header
This patch removes 'platform_env.h' from the public API headers because
this header was not part of the API anyway.
2013-02-14 13:23:36 +01:00
Norman Feske
0ed8797df2 Add sanity check to AVL tree, fix #597 2013-02-13 16:01:25 +01:00
Christian Prochaska
1947d08e78 Use the host c++ for linking hybrid applications
Some shared libraries of the host system contain search paths for finding
other needed shared libraries. These paths get evaluated only by a native
linker. To find all needed shared libraries, with this patch, the host
linker is used to link hybrid applications.

Fixes #645.
2013-02-12 12:53:35 +01:00
Alexander Boettcher
764f8335d0 base: reset _last_applicant variable
Fixes #647
2013-02-11 12:54:04 +01:00
Alexander Boettcher
6c7661ed62 base: fix sporadic context thread area faults
reverts 68156918ee
"base: apply thread.cc fix of foc to base"

Depending on the context area a fixed location is calculated where the
memory for the stack is attached to. If the context area is released before the
detach call, the very same context area can be reused and memory for the new
stack is attached for a new thread. The detach of the old thread would then
revoke the mapping for the new thread which will cause a un-handled page fault.

Issue #549
2013-02-11 12:01:27 +01:00
Norman Feske
9acad80f37 core: support upgrades of init's Env:: sessions 2013-02-11 12:01:27 +01:00
Norman Feske
622959ede4 core: always release Irq_proxy startup lock
Prior this patch the startup lock was not released if the call of
'_associate()' failed. In this condition, the caller of the constructor
was infinitely blocked.
2013-02-11 12:01:27 +01:00
Alexander Boettcher
7868156b19 base: fix deadlock in core_env on base-nova
During a ram_session->free call in 'core' the lock in core_env.h is taken.
Then in the ram_session::_free_ds implementation the dissolve function for the
dataspace is called. base-nova tries to make sure that the ds is not
accessible anymore by any kind of parallel incoming IPC by performing a
cleanup IPC. Unfortunately the dataspace_session implementation uses the very
same allocator in 'core' and may require to obtain the same lock as taken in
ram_session->free. This leads to a spurious deadlock on base-nova.

The actual free_ds implementation is mostly thread safe, since all used objects
inside there are already locked. The only missing piece is the _payload
variable. By changing the _payload variable in a atomic fashion there is no
need to lock the whole ram_session->free call which avoids deadlocks on
base-nova.

Fixes #549
2013-02-11 12:01:26 +01:00
Alexander Boettcher
f50d816555 base: fix dangling session pointers in rm_session
If page faults are handled concurrently (as for base-nova) the traverse lookup
call in rm_session_component must be thread safe, which it isn't.
If the faulting area is backed by nested dataspaces which are managed by
various rm_sessions then a race happens under following circumstances
(triggered occasionally by the bomb test).

The traverse lookup may return a pointer to a rm_session of a nested dataspace.
If the rm_session is in parallel subject to destruction it happened that faults
got enqueued to the faulters list of the deleted rm_session and internally to
a list of the current rm_session of the Rm_client.

During destruction of the faulting Rm_client the associated rm_session will
be dissolved from the Rm_client, which leads to dereferencing the
dangling pointer of the already destructed rm_session.

On base-nova the memory of the rm_session object get unmapped eventually, so
that the de-referencing of the dangling pointer caused page faults in core.

The memory on other kernels inside core never get unmapped so that the
bug doesn't trigger visible faults.

The patch replace the keeping of a rm_session pointer by keeping a
capability instead. The rm_session object must be looked up now explicitly in
the Object_pool implementation, which implements proper reference counting on
the rm_session object.

Issue #549
2013-02-11 12:01:26 +01:00
Alexander Boettcher
9453d319cb base: add remove_client to rm_session
Fixes #13
2013-02-11 12:01:25 +01:00
Alexander Boettcher
f02958b25f base: fix faults in rm_session de-constructor path
First make the clients inaccessible and dissolve them from the entrypoint. If
this isn't the first step the clients may be obtained again between
the unlock and lock steps in the destructor.

Additionally the clients may be removed in between the unlock and call
sequence, which renders such client pointers dangling and causes spurious page
faults. Keep instead a lock as long as possible and when it is required to
release a lock, then the pointer to the objects must be revalidated.

Replace the dissolve function with a remove_client implementation as suggested
by #13, which avoids that the cpu_session may call dissolve with a dangling
pointer of a already removed rm_client object. Instead the pager must be
released explicitly.

Related to issue #549
Related to issue #394
Related to issue #13
2013-02-11 12:01:25 +01:00
Norman Feske
c2a8c48574 Coding style fixes 2013-01-24 11:35:56 +01:00
Alexander Boettcher
17ca0290a1 base: fix wrap around bug in avl allocator
Fix #631
2013-01-24 11:05:02 +01:00
Stefan Kalkowski
04b8418b54 Let memcmp correspond to the C standard (fix #628)
By now, the memcmp implementation of Genode's basic string utilities just
returned whether two memory blocks are equal or differ. It gave no hint which
block is greater, or lesser than the other one. This isn't the behaviour
anticipated by implementations that rely on the C standard memcmp, e.g. GCC's
libsupc++, or the nic_bridge's AVL tree implementation.
2013-01-24 11:02:49 +01:00
Alexander Boettcher
ac5b814387 base: enable rm_fault test case for nova
Related to #621
2013-01-16 16:06:36 +01:00
Christian Prochaska
e2889f3f11 Increase signal handler stack size
Fixes #616.
2013-01-15 19:26:18 +01:00
Christian Prochaska
a6acab6d0d Synchronize signal context destruction
With this patch, the 'Signal_receiver::dissolve()' function does not return
as long as the signal context to be dissolved is still referenced by one
or more 'Signal' objects. This is supposed to delay the destruction of the
signal context while it is still in use.

Fixes #594.
2013-01-15 15:03:21 +01:00
Norman Feske
1aa9f9910c Add 'Service_registry::remove_all' function
This function is needed when reconfiguring init.
2013-01-15 10:18:11 +01:00
Norman Feske
bef78dd9f8 Core: Fix registration of CPU exception handler 2013-01-11 22:16:25 +01:00
Norman Feske
73ab30c22c Update copyright headers to 2013 2013-01-10 21:44:47 +01:00
Sebastian Sumpf
1a30bac3ea base: fix memmove implementation
Also make 'memcpy' to behave like memmove on region overlap.

Issue #604
2013-01-10 21:19:22 +01:00
Alexander Boettcher
e8c063a8b4 base: release signal context from signal list
Remove signal context object from signal source component list (_signal_queue)
before destruction, otherwise we get a dangling pointer.

On native hardware for base-nova, the signal source thread triggered page
faults in the Signal_source_component::wait_for_signal() method when the signal
context got freed up in Signal_session_component::free_context but was still
enqueued in Signal_source_component::_signal_queue.

Fixes #600
2013-01-10 21:17:42 +01:00
Norman Feske
13d4108fea Unify 'Signal_dispatcher' interfaces
Several users of the signal API used custom convenience classes to
invoke signal-handling functions on the reception of incoming signals.
The 'Signal_dispatcher' pattern turned out to be particularly useful. To
avoid the duplication of this code across the code base, this patch
adds the interface to 'base/signal.h'.

Furthermore, the patch changes the 'Signal::num()' return type from int
to unsigned because negative numbers are meaningless here.

Fixes #511
2013-01-10 21:09:14 +01:00
Alexander Boettcher
c2d3543e62 base: replace obj_by_* by lookup_and_lock
Add functionality to lookup an object and lock it. Additional the case is
handled that a object may be already in-destruction and the lookup will deny
returning the object.

The object_pool generalize the lookup and lock functionality of the rpc_server
and serve as base for following up patches to fix dangling pointer issues.
2013-01-10 11:13:13 +01:00
Alexander Boettcher
ca37f26a01 base: add memory barrier before releasing lock
When releasing a lock we must take care that all state is written back to
memory and is not cached in registers. The volatile flag of the lock variable
only means to the compiler that this value must be written immediately.
Other values changed before may be kept by the compiler in registers, which we
don't want here.

Additionally the compiler is free to reorder the code in order to optimize.
That means the code we intend to be executed inside the critical section can
get be reordered and can be executed after we reset the lock variable in the
unlock implementation. The volatile statement of the lock variable doesn't
prevent reordering of instructions which are independent.

By adding a explicit memory barrier, we force the compiler to generate code
that writes back all the register content to memory/cache (and avoid a
bunch of hard to find bugs ...)
2013-01-09 15:34:29 +01:00
Martin Stein
28f81c4a9c base: avoid shift warning in register array
Fix #422
2013-01-08 11:36:52 +01:00
Martin Stein
ac92283db0 base-hw & imx31: userland timer driver
Fix #577
2013-01-08 11:36:52 +01:00
Stefan Kalkowski
edb48873c1 base-hw & imx53: enable nested init
Fix #575
2013-01-08 11:36:52 +01:00
Martin Stein
f1d599ae8a base: rename generic Board drivers Board_base
To enable a repo to name its specific board driver 'Board'.

Fix #569
2013-01-08 11:36:51 +01:00
Norman Feske
d90b0464b8 Change order of thread-context members
Because 'stack' and 'stack_base' are related to each other, it makes
sense to locate both members close to each other.
2013-01-07 17:58:33 +01:00
Norman Feske
b0c18d0362 Test case for failure detection detection 2013-01-04 15:26:16 +01:00
Norman Feske
9f82764316 core: Introduce default CPU exception handler
The CPU session interfaces comes with the ability to install an
exception handler per thread. This patch enhances the feature with the
provision of a default signal handler that is used if no thread-specific
handler is installed. The default signal handler can be set by
specifying an invalid thread capability and a valid signal context
capability.

Furthermore, this patch relaxes the requirement of the order of the
calls of 'exception_handler' and 'set_pager'. Originally, the exception
handler could be installed not before setting a pager. Now, we remember
the installed exception handler in the 'Cpu_thread' and propagate to to
the platform thread at a later time.
2013-01-04 15:26:16 +01:00
Norman Feske
dfaecfb5ab Make quota-upgrading message more clear
Fixes #592
2012-12-22 13:04:04 +01:00
Christian Prochaska
871819336a core: preserve more memory
core needs to preserve more memory when built with '-O0' for the linux_x86
platform.

Fixes #572.
2012-12-21 14:54:21 +01:00
Alexander Boettcher
2283536b27 base: avoid deadlock in sliced_heap
It happens that ram_session and rm_session itself are invoking alloc
respectively free on the very same sliced heap inside core.

Lock only the sliced_heap list implementation and let the session locking to
the session implementation of rm_session and ram_session.

The ram_session and rm_session must take care to proper lock since inside
both implementations already the session handling thread and the service thread
are running parallel.
2012-12-21 14:54:21 +01:00
Alexander Boettcher
68156918ee base: apply thread.cc fix of foc to base*
With commit 1389b63050 in thread.cc for base-foc
a bug was fixed, where the memory of the context got freed up before running
the de-constructor.

Apply the fix also to base and base-mb.
2012-12-21 14:54:21 +01:00
Alexander Boettcher
96ef2b24c7 core: don't dereference null pointer 2012-12-21 14:54:20 +01:00
Alexander Boettcher
9cdf062ee6 base: catch exceptions in rm_session
For base-nova thread creation related exception can be thrown, since the
Pager_objects are threads. Catch the exception and re-throw the
expected/documented exception in rm_session.

This commit avoids that core dies with an unhandled exception if a thread
couldn't be created (e.g. because the limit has been reached).
2012-12-21 14:54:20 +01:00
Alexander Boettcher
df3c0d4786 base: throw exception if thread creation failed
Sanity check that the context area has been attached. Otherwise the code
later tries to access the context area and core dies with a unhandled page
fault.
2012-12-21 14:54:20 +01:00
Alexander Boettcher
8c4e1b7eb0 base: extend cap_session with memory allocator
Required to allocate memory to remember per session created capabilities.
During session destruction all capabilities have to be freed up.
2012-12-21 14:54:20 +01:00
Ivan Loskutov
f9b82a7b8e Add setting baudrate to i8250 and OMAP4 UART drivers
Fixes #445
2012-12-21 14:54:15 +01:00
Ivan Loskutov
5b8a0e5423 Add OMAP4 UART driver
Fixes #444
2012-12-20 14:40:18 +01:00
Martin Stein
240f1e334f base: Don't complete line breaks in UART drivers. 2012-12-07 08:55:16 +01:00
Norman Feske
f081733f4b Linux: remove 'some_mem' array in core
The Linux version of core used a part of the BSS to simulate access to
physical memory. All dataspaces would refer to a portion of 'some_mem'.
So every time when core would access the dataspace content, it would
access its local BSS. For all processes outside of core, dataspaces were
represented as files. This patch removes the distinction between core
and non-core processes. Now, core uses the same 'Rm_session_mmap'
implementation as regular processes. This way, the 'some_mem' could be
abandoned. We still use BSS variable for allocating core-local meta
data through.
2012-12-04 20:51:29 +01:00
Norman Feske
8930ce765d Resolve 'size_t' ambiguity
When building core as hybrid Linux/Genode program, 'size_t' becomes
ambiguous.
2012-12-04 20:51:24 +01:00
Christian Prochaska
42cef716e1 CPU session meta data RAM quota upgrade support
Fixes #541.
2012-11-30 16:27:29 +01:00
Martin Stein
46a6cb680a base & arm: Fix unecessary assertion in memcpy_cpu
Fix #529
2012-11-30 16:17:06 +01:00
Alexander Boettcher
fa2cbdc7cb Fix: don't deference stale pager pointer in core
Reset pager pointer in platform_thread if pager object is removed.

Fixes #532
2012-11-29 13:44:07 +01:00
Martin Stein
b3815c95a7 base: don't mention 'CONTEXT_VIRTUAL_SIZE' in docs
Fix #530
2012-11-29 09:55:09 +01:00
Martin Stein
ab0296bd20 base-mb: Fix compile and link errors
Fix #531
2012-11-29 09:55:04 +01:00
Norman Feske
0dbb5e1696 Propagate 'Range_allocator::alloc_aligned' errors
This patch reflects eventual allocation errors in a more specific way to
the caller of 'alloc_aligned', in particular out-of-metadata and
out-of-memory are considered as different conditions.

Related to issue #526.
2012-11-28 22:51:09 +01:00
Martin Stein
027916d961 vea9x4: Fix bug in board declarations.
Fix #516
2012-11-26 20:58:10 +01:00
Norman Feske
5c8373bec3 Cleanup destruction of RPC entrypoints
This patch introduces clean synchronization between the entrypoint
thread and the caller of the 'Rpc_entrypoint' destructor. The most
important change is the handling of the 'Ipc_server' destruction. This
object is in the local scope of the server's entry function. However,
since the server loop used to be an infinite loop, there was hardly any
chance to destruct the object in a clean way. Hence, the
'Rpc_entrypoint' destructor used to explicitly call '~Ipc_server'.
Unfortunately, this approach led to problems because there are indeed
rare cases where the server thread leaves the scope of the entry
function, namely uncaught exceptions. In such a case, the destructor
would have been called twice.

With the new protocol, we make sure to leave the scope of the entry
function and thereby destroy the 'Ipc_server' object as expected. This
is achieved by propagating the exit condition through a local RPC call
to the entrypoint. This way, the blocking state of the entrypoint
becomes unblocked. Furthermore, '~Rpc_entrypoint' makes use of the new
'join' function to wait for the completion of the server thread.
2012-11-26 20:58:09 +01:00
Christian Helmuth
3a6b739384 Add more known segment types for dynamic ELFs
These segments are not critical and the commit reduces noise in the log.
2012-11-26 11:34:00 +01:00
Norman Feske
1cc1308a80 Include 'EXT_OBJECTS' in ld group
Fixes #509.
2012-11-23 18:16:52 +01:00
Stefan Kalkowski
53529e0eeb Fiasco.OC: enable i.MX53 platform 2012-11-23 12:20:27 +01:00
Stefan Kalkowski
88316abca1 Merge panda_a2 and panda SPEC (fix #505, fix #506)
There is no obvious reason for having two different SPEC variables, definitions,
and pathes for the Pandaboard platform. It even lead to problems regarding the
omap4 framebuffer driver (look at issue #505 and #506).
2012-11-23 12:20:27 +01:00
Martin Stein
b7c1404fbf base & core: Use FIFO to queue RM faulters.
By now RM faulters are hold in a LIFO. Thus a starvation problem
occurs on managed dataspaces when multiple threads throw pagefaults
continuously.
2012-11-23 12:20:26 +01:00
Martin Stein
05f5999e71 cpu_session: Access thread state by value 2012-11-23 12:20:22 +01:00
Norman Feske
959df5d46b Generalize handling of PD-session arguments
On Linux, we want to attach additional attributes to processes, i.e.,
the chroot location, the designated UID, and GID. Instead of polluting
the generic code with such Linux-specific platform details, I introduced
the new 'Native_pd_args' type, which can be customized for each
platform. The platform-dependent policy of init is factored out in the
new 'pd_args' library.

The new 'base-linux/run/lx_pd_args.run' script can be used to validate
the propagation of those attributes into core.

Note that this patch does not add the interpretation of the new UID and
PID attributes by core. This will be subject of a follow-up patch.

Related to #510.
2012-11-21 20:04:07 +01:00
Norman Feske
bcabbe2c92 Add 'Thread_base::join()'
Using the new 'join()' function, the caller can explicitly block for the
completion of the thread's 'entry()' function. The test case for this
feature can be found at 'os/src/test/thread_join'. For hybrid
Linux/Genode programs, the 'Thread_base::join()' does not map directly
to 'pthread_join'. The latter function gets already called by the
destructor of 'Thread_base'. According to the documentation, subsequent
calls of 'pthread_join' for one thread may result in undefined behaviour.
So we use a 'Genode::Lock' on this platform, which is in line with the
other platforms.

Related to #194, #501
2012-11-19 12:43:34 +01:00
Christian Helmuth
d23ee02e9a Destruct IPC-server object on entrypoint destruction
The IPC-server object exists solely on the stack of the entrypoint
thread and, therefore, would never be destructed as the thread is just
killed. Now, the object is explicitly destructed in the entrypoint
destructor. An alternative solution could instruct the entrypoint thread
the terminate, which would automatically cleanup its stack.

The object pool is assumed to be empty on destruction of the entrypoint.
If not, we warn and at least dissolve all RPC objects.
2012-11-16 13:55:00 +01:00
Christian Helmuth
d7c511ad87 base: entrypoint stack size 2048 machine words
This makes the stack fit for 32-bit as well as 64-bit platforms.
2012-11-15 12:58:46 +01:00
Torsten Hilbrich
d5a758ea10 Root_component::session: Fix ram_quota handling
You cannot check an unsigned size_t variable for underflow, so I
changed the code to first check if an underflow would occur before
performing the subtraction.

Fixes #489.
2012-11-14 16:39:18 +01:00
Torsten Hilbrich
7d30ffc907 base: Fix a number of warnings about unused parameters
The warnings are shown if components using the genode base are
compiled with -Wextra -Wall enabled.

Fixes #489.
2012-11-14 16:38:38 +01:00
Martin Stein
8d03312528 base_hw: Use board-specific 'Core_tlb'.
'Core_tlb' ensures that core never throws pagefaults,
in contrast to its base 'Tlb' that is planned to use displacement
in the future.

'Core_tlb' enables the application of differenet memory attributes
in core, according to the board specific partitioning of the physical
address space. This way it enables caching in core.
2012-11-14 16:36:51 +01:00
Martin Stein
91c27f3f72 base: Tell a mapping wether it maps IO memory. 2012-11-14 16:36:51 +01:00
Martin Stein
cfa0a40d5e base_hw & omap4: USB HID and framebuffer driver.
Implement 'Signal_receiver::pending()'.

Provide display-subsystem MMIO.

Avoid method ambiguousness in 'Irq_context' in
'dde_linux/src/drivers/usb/signal/irq.cc'
(it derives from two list element classes when using 'base_hw').

Enables demo scenario with 'hw_panda_a2'.
2012-11-14 16:36:50 +01:00
Martin Stein
612735732a base_hw & omap4: Timer driver.
Fix bug regarding idle thread in thread scheduling in
'base-hw/src/core/kernel.cc'.

Fix regarding signal submit in signal framework in
'base-hw/src/core/kernel.cc'.
2012-11-14 16:36:50 +01:00
Martin Stein
31d57a6257 Nested init on i.MX31 via base_hw. Rework base_hw.
Implies support for the ARMv6 architecture through 'base-hw'.

Get rid of 'base/include/drivers' expect of 'base/include/drivers/uart'.

Merge with the support for trustzone on VEA9X4 that came from
Stefan Kalkowski.

Leave board drivers in 'base/include/platform'.

Rework structure of the other drivers that were moved to
'base_hw/src/core' and those that came with the trustzone support.

Beautify further stuff in 'base_hw'.

Test 'nested_init' with 'hw_imx31' (hardware) and 'hw_panda_a2' (hardware),
'demo' and 'signal' with 'hw_pbxa9' (qemu) and 'hw_vea9x4'
(hardware, no trustzone), and 'vmm' with 'hw_vea9x4'
(hardware, with trustzone).
2012-11-14 16:36:41 +01:00
Norman Feske
0c76bc9cfd Add support for specialized session interfaces
This patch introduces principal support for extending session interfaces
with specialized functionality in a clean way. For example, an 'Uart'
interface may implement the 'Terminal' interface but also offers
additional functions for setting the baud rate. A service that
implements the 'Uart' service will then automatically announce both the
'Uart' and 'Terminal' services.
2012-11-07 13:43:04 +01:00
Norman Feske
b45242c50f Add chroot support to core
Since the recent move of the process creation into core, the original chroot trampoline
mechanism implemented in 'os/src/app/chroot' does not work anymore. A
process could simply escape the chroot environment by spawning a new
process via core's PD service. Therefore, this patch moves the chroot
support into core. So the chroot policy becomes mandatory part of the
process creation.  For each process created by core, core checks for
'root' argument of the PD session. If a path is present, core takes the
precautions needed to execute the new process in the specified chroot
environment.

This conceptual change implies minor changes with respect to the Genode
API and the configuration of the init process. The API changes are the
enhancement of the 'Genode::Child' and 'Genode::Process' constructors to
take the root path as argument. Init supports the specification of a
chroot per process by specifying the new 'root' attribute to the
'<start>' node of the process. In line with these changes, the
'Loader::Session::start' function has been enhanced with the additional
(optional) root argument.
2012-11-05 17:31:05 +01:00
Norman Feske
db2b1a37ae Propagate process labels to PD sessions
On Linux, we use the session label for naming the corresponding Linux
process. When looking up the processes via 'ps', the Genode process
hierarchy becomes immediately visible.
2012-11-05 17:31:04 +01:00
Norman Feske
aee0a2061b Create entrypoint sockets in core only
This patch alleviates the need for any non-core process to create Unix
domain sockets locally. All sockets used for RPC communication are
created by core and subsequently passed to the other processes via RPC
or the parent interface. The immediate benefit is that no process other
than core needs to access the 'rpath' directory in order to communicate.
However, access to 'rpath' is still needed for accessing dataspaces.

Core creates one socket pair per thread on demand on the first call of
the 'Linux_cpu_session::server_sd()' or 'Linux_cpu_session::client_sd()'
functions. 'Linux_cpu_session' is a Linux-specific extension to the CPU
session interface. In addition to the socket accessors, the extension
provides a mechanism to register the PID/TID of a thread. Those
information were formerly propagated into core along with the thread
name as argument to 'create_thread()'.

Because core creates socket pairs for entrypoints, it needs to know all
threads that are potential entrypoints. For lx_hybrid programs, we
hadn't had propagated any thread information into core, yet. Hence, this
patch also contains the code for registering threads of hybrid
applications at core.
2012-11-05 17:31:04 +01:00
Christian Prochaska
c99dd8fdf8 Use 'CURDIR' make variable in Genode make files
The bash-builtin 'pwd' command uses the 'st_dev' and 'st_ino' members of
the 'stat' struct to compare the path from the 'PWD' environment variable
with the path returned by 'getcwd()'. These members don't get set
correctly in Noux and therefore the 'pwd' command sometimes returns wrong
results when building Genode in Noux. With this patch the 'CURDIR' make
variable gets used instead of calling 'pwd'.

Fixes #454.
2012-11-03 09:54:14 +01:00
Christian Prochaska
22cc867234 'Allocator_avl_base::free()': print error message
With this patch an error message gets printed in
'Allocator_avl_base::free()' if the given address is not the start address
of the allocated block.

Fixes #459.
2012-11-03 09:53:34 +01:00
Christian Helmuth
4d36c12d19 Reduce LOG noise to due disappeared clients
The message is disarmed in release mode (SPECS += release).

Fixes #310.
2012-11-02 13:35:45 +01:00
Norman Feske
d28b34b1fe Return value of correct type, reported by gcc-4.7 2012-11-01 17:06:05 +01:00
Stefan Kalkowski
8393ac6895 base-hw: implement vm_session for TrustZone
* Introduces Schedule_context
* Use fast-interrupts or normal interrupts
* Add mode-transition between secure/non-secure world
* Limit system resources for Genode apps due to non-secure world

This commit implements the newly introduced Vm session interface to be used
on top of TrustZone capable Armv7 CPUs. Therefore a new Schedule_context is
introduced in the kernel. Threads and Vms are both Schedule_contexts used
by the scheduler. In contrast to a thread a vm uses a different assembler
mode switch to the non-secure, virtual world, as well as another exception
is used, when the non-secure world is left. For both worlds to co-exist
the interrupt-controller needs to be configured, so that the secure (Genode)
world uses fast-interrupts only, and the non-secure world only legacy
interrupts.
The only TrustZone capable platform the base-hw kernel works on top of
is the CoreTile Express 9x4 for the Versatile Express motherboard. For a
virtual machine working properly on top some platform resources must be
reserved. Therefore there exist two flavours of this platform now, one with
the 'trustzone' spec-variable enabled, and one without. If 'trustzone' is
specified most platform resources (DDR-RAM, and most IRQs) are reserved
for the Vm and not available to the secure Genode world.
2012-10-29 10:08:30 +01:00
Stefan Kalkowski
94ea3a0acb Move away drivers from generic base-repository
Driver definitions which are used by kernel/core in base-hw, and also by other
drivers (e.g. from the os repository) have to reside in the generic
base-repository, for instance some uart drivers. All drivers which are
interesting for one of the sites only (sp804 for timer driver, or
cortex_a9 cpu driver for base-hw) should reside in the respective repos.

Factorize cpu context out of Cortex A9 specific definitions. Moreover, there
is already a Cpu_state object containing all common ARM registers. We use
this as a base for the cpu context switching done by the base-hw kernel.
The Cpu_state class get extended by a cpu-exception field, that stores the kind
of exception raised when the corresponding context got interrupted. This
information is used not only by the base-hw kernel, but also by the TrustZone
VMM that is build currently.
2012-10-29 10:08:29 +01:00
Stefan Kalkowski
f2d81a8d62 Remove superfluous, generic Thread_state definition
The 'Cpu_state' in 'base/include/base/cpu_state.h' is not needed anymore.
Moreover, it's inconsistent with the architecture-specific definitions
of 'Cpu_state' that all reside in <cpu/cpu_state.h>.
2012-10-29 10:08:29 +01:00
Stefan Kalkowski
dc3d784e6d Introduce platform-specific services for core
By now all services in core where created, and registered in the generic
main routine. Although there exists already a x86-specific service (I/O ports)
there was no possibility to announce core-services for certain platforms only.
This commit introduces a hook function in the 'Platform' class, that enables
registration of platform-specific services. Moreover, the io-port service
is offered on x86 platforms only now.
2012-10-29 10:08:29 +01:00
Stefan Kalkowski
96d45c1159 Define board declarations in a more generic fashion
By naming all board declaration (previously in base/include/drivers/board) the
same way, and putting them in platform-specific include-pathes, we save additional
declaration redirection in the base-hw kernel, and in driver definitions.
2012-10-24 16:41:13 +02:00
Christian Prochaska
1c064d9e70 core: implement missing context area functions
This patch implements the following functions:

base:
- Context_area_rm_session::detach()
- Context_area_ram_session::free()

base-nova:
- unmap_local()

base-fiasco, base-pistachio:
- unmap_local() stub

This patch partially resolves issue #394.
2012-10-24 11:34:39 +02:00
Christian Prochaska
17dc60eb66 cxx: make 'operator delete(void *)' a weak symbol
The 'delete (void *)' operator gets referenced by compiler generated code,
so it must be publicly defined in the 'cxx' library. These compiler
generated calls seem to get executed only subsequently to explicit
'delete (void *)' calls in application code, which are not supported by
the 'cxx' library, so the 'delete (void *)' implementation in the 'cxx'
library does not have to do anything. Applications should use the
'delete (void *)' implementation of the 'stdcxx' library instead. To make
this possible, the 'delete (void *)' implementation in the 'cxx' library
must be 'weak'.

Fixes #419.
2012-10-24 11:34:39 +02:00
Alexander Boettcher
83039267fa Cleanup: remove 'first' and 'next' of cpu_session
Fixes #10
2012-10-24 11:34:38 +02:00
Alexander Boettcher
105ff5dfed Provide main thread cap via parent interface
Preparation to solve issue #10
2012-10-24 11:34:38 +02:00
Alexander Boettcher
664e0dc7cd Provide cpu_session_cap via environment object
Preparation to solve issue #10
2012-10-24 11:34:33 +02:00
Sebastian Sumpf
5549f6413b IRQ: Add base class for shared IRQs
Added generic 'Irq_proxy' class to core includes (ported from base-okl4). It can
be used to implement shared IRQ support for various base platforms. It will
generate one thread per IRQ and unblocks waiting clients (IRQ sessions) upon
interrupt receipt.

Issue #390
2012-10-09 13:47:47 +02:00
Sebastian Sumpf
ff0c7825e4 ACPI/IRQ: Add interrupt mode to IRQ connection
Read flags (polarity/trigger) from MADT and add information to 'Irq_connection'
arguments.

Issue #390
2012-10-09 13:47:47 +02:00
Norman Feske
4a1b545770 Move 'Child' API implementation to library 2012-10-09 13:45:33 +02:00
Norman Feske
64245dde3a Avoid superfluous compiler warnings
GCC warns about uninitialized local variables in cases where no
initialization is needed, in particular in the overloads of the
'Capability::call()' function. Prior this patch, we dealt with those
warnings by using an (unreliable) GCC pragma or by disabling the
particular warning altogether (which is a bad idea). This patch removes
the superfluous warnings by telling the compiler that the variable in
question is volatile.
2012-10-08 15:08:21 +02:00
Christian Helmuth
4017e592f0 Compile PDBG() in release mode too
Formerly, GENODE_RELEASE just undef'd PDBG() which concealed bugs in
places PDBG was used, e.g., do to API changes. Unfortunately,
desparately disabling GENODE_RELEASE during bug hunt sometimes
introduced new errors. Now, PDBG is just a branch not taken but seen by
the compiler, which is able to produce warnings/errors when the API is
changed.

Fixes #378.
2012-10-04 14:37:18 +02:00
Norman Feske
0775730155 Add missing initialization of 'write_combined' 2012-10-04 14:03:07 +02:00
Christian Prochaska
a42f6d8cf7 Noux: get 'libgcc_eh.a' built with GCC
Fixes #373.
2012-09-30 13:37:20 +02:00
Christian Prochaska
1483f1032d Remove broken compiler check
The 'build.mk' file checks if the tool chain to be used supports the
'-static' and '-fno-stack-protector' flags, but this check always fails
for the current Genode tool chain because it cannot create executable
files without explicitly specifying the 'crt0' and library files to be
linked, which the check doesn't.

This patch removes the compiler check.

Fixes #358.
2012-09-24 09:18:00 +02:00
Alexander Boettcher
9eeec09ebe Fix log2 and alignment calculation - 64bit issue 2012-09-24 09:18:00 +02:00
Alexander Boettcher
11a262c1af Allocate first heap requests from bss
The exception initialization and handling in gcc_eh allocates early (_main)
memory before executing main. In Vancouver the virtual
region from [0,VM size) must be reserved. Vancouver fails if the memory
allocated by the exception handling and the static objects was allocated
inside the [0, VM size) area.

To circumvent the situation allocate the first memory pieces for the heap
from the bss.
2012-09-24 09:17:58 +02:00
Alexander Boettcher
dbbfab5e7b 64bit fix for region dump 2012-09-24 09:17:58 +02:00
Alexander Boettcher
ea38aad30e Move context area definition to native_type 2012-09-24 09:17:54 +02:00
Stefan Kalkowski
689c08e411 Make first block of allocator_avl 64bit fit
The first metadata-block, which is inherent part of the allocator object
itself has a fixed size which isn't suitable enough for some 64bit platforms
(e.g. core's RAM-allocator on a 64bit platform with lots of different regions).
This commit let the block size be address-width aware.
2012-09-18 16:47:59 +02:00
Alexander Boettcher
6994f6a8c5 Fix binary size for 64bit
Every 64-bit binary is effectively 4M too big currently [0]. The GNU linker ld
aligns the text section of the binary to the maximum page size. On i386
the default section alignment is fixed typically to 4K.

Avoid wasting mainly 4M on x86_64 by telling the linker the max page size to
be 4K.

[0] http://sourceware.org/ml/binutils/2009-04/msg00099.html
2012-09-05 15:06:52 +02:00
Norman Feske
83bdfea9b0 Extend Cpu_session with thread-affinity API
This patch introduces the functions 'affinity' and 'num_cpus' to the CPU
session interface. The interface extension will allow the assignment of
individual threads to CPUs. At this point, it is just a stub with no
actual platform support.
2012-09-05 10:25:04 +02:00
Norman Feske
9651974448 Add stdcxx-4.6.1 to libports, fix #339
This patch adds libstdc++ to libports. With the previous version of the
stdcxx library, the build system used the C++ standard library that
comes with the compiler. This mechanism was prone to inconsistencies of
types defined in the header files used at compile time of the tool chain
and the types provided by our libc. By building the C++ standard library
as part of the Genode build process, such inconsistencies cannot happen
anymore.

Note that the patch changes the meaning of the 'stdcxx' library for
users that happened to rely on 'stdcxx' for hybrid Linux/Genode
applications. For such uses, the original mechanism is still available,
in the renamed form of 'toolchain_stdcxx'.
2012-09-04 12:37:56 +02:00
Stefan Kalkowski
b71c1649d6 Fiasco.OC: check invoked capability (fix #341)
Let the Fiasco.OC base platform succeed the cap_integrity run-script meaning
that it is not feasible anymore to fake a capability by using a valid one
together with a guessed local_name.
2012-08-30 11:15:27 +02:00
Norman Feske
d3e8328089 Unify uint64_t among 32-bit and 64-bit platforms
On both 32-bit and 64-bit platforms, 'uint64_t' can be defined as
'unsigned long long', which is the type expected by the %llx
format-string specifier. By unifying the type definitions, we resolve
warnings about unmatching type specifiers. This patch also removes
redundant words from the typedefs.
2012-08-16 13:32:56 +02:00
Norman Feske
47e95d4e18 Support upgrading of child-environment resources
Fixes #5
2012-08-16 10:03:06 +02:00
Alexander Boettcher
775b5a174b Reserve up to 8x4 bytes for the parent capability 2012-08-14 19:14:25 +02:00
Alexander Boettcher
8526dc4f19 Set ERR_INVALID_OBEJCT if call failed to server
Tell the client that the last operation failed, instead of continuing doing
useless things.
2012-08-10 10:57:54 +02:00
Alexander Boettcher
7aa75477e2 Propagate status code of Thread state and start 2012-08-09 11:09:40 +02:00
Sebastian Sumpf
88ac32e3bb Base: New 'memcpy' implementation
Added CPU specific memcpy function ('memcpy_cpu'), which is tried first in
default 'memcpy'. Improved default 'memcpy' to copy eight byte chunks.
2012-08-07 22:21:54 +02:00
Martin Stein
ff65f6f021 Run Genode directly on hardware with 'base-hw'. 2012-08-03 12:06:37 +02:00
Norman Feske
d079ef51ae Adapt GDB monitor and Noux to CPU session changes 2012-08-03 12:06:31 +02:00
Martin Stein
9369057f90 Extend RAM/CPU session for base-hw context-areas. 2012-08-02 16:41:21 +02:00
Martin Stein
2e918da325 Enhance specs that concern 'base-hw'.
Add specs for the PandaboardBoard A2 and according devices.

Refine axisting specs for Cortex A9 systems.
2012-08-02 16:41:21 +02:00
Martin Stein
9b0a54e980 Fix several bugs in the Cortex A9 drivers.
Avoid the use of deprecated 'MASK' enum in CPU register 'Asid'.

Enable the use of the 'K' bit in MMU translations.

Treat any try to modify existing valid entries in section- and
pagetables when doing 'insert_translation' as error.

Beautify concerned files.
2012-08-02 16:41:21 +02:00
Martin Stein
66bec10276 Fix bug in MMIO framework and test it
Avoid that members of a inheritor overlay those of the
register- and MMIO-framework.

Beautify register- and MMIO-framework.
2012-07-31 12:08:03 +02:00
Norman Feske
e6b72030d3 Simplify run scripts 2012-07-27 17:00:44 +02:00
Norman Feske
693922d789 Support for 64-bit registers in 'util/register.h'
For 64-bit registers we cannot compute MASK and SHIFT values via enums
because enum values are always of type int. But we can use static member
functions instead. Furthermore, the patch fixes the type trait for
64-bit registers. (apparently, this access width was never used so far)
2012-07-25 19:14:06 +02:00
Alexander Boettcher
9e582c59a9 Don't loop forever if upgrade of a donation failed.
The code intended to stop after the first failed attempt,
however the bool variable to control this was reseted
inside the loop and so it endless loops.

Fixes #51
2012-07-19 21:05:51 +02:00
Christian Prochaska
e5bf7828d9 Add missing unwind code to cxx lib
This patch adds support for the '_Unwind_Complete()' and
'_Unwind_DeleteException()' functions in the cxx lib.

Fixes #275.
2012-07-16 14:54:19 +02:00
Norman Feske
cfda8ac4ae Add bitfield polling support to MMIO framework 2012-07-09 15:07:32 +02:00
Christian Prochaska
e39200d8c6 Noux: update GCC to version 4.6.1
This patch updates GCC to version 4.6.1 and enables tool chain support for
x86_64 and ARM.

Fixes #266.
2012-07-04 14:56:58 +02:00
Alexander Boettcher
4ece3b3c77 Deadlock fix in rm_session on NOVA platform
Rm_client is derived from Pager_object. If the Pager_object is also
derived from Thread_base (which is the case for NOVA) then the
Rm_client object must be destructed without holding the rm_session_object
lock. The native platform specific Thread_base implementation has to take
care that all in-flight page handling requests are finished before
destruction. On NOVA it is done by doing an IPC to the pager thread.
(performed in Pager_object::dissolve() in base-nova). The
called thread than executes its operation until end which also requires
in some cases to take the rm_session_object lock.

Since _client_slab insertion/deletion also must be performed
synchronized but can't be protected by the rm_session_object lock
because of the described dead_lock situation, we have
to use a synchronized allocator object to perform insertion and
deletion of Rm_clients.
2012-07-04 14:56:47 +02:00
Alexander Boettcher
8ee4442108 Feature: add synchronized allocator 2012-07-04 14:56:47 +02:00